In an authentication system for a computer system that uses an IC (integrated circuit) card, it is necessary to perform identity authentication to confirm that the user is the authorized holder of the IC card, so as to prevent unauthorized use of the IC card through theft or the like, as disclosed in Patent Document 1. Normally, a password called a PIN (personal identification number) is used in such identity authentication.
In this authentication system, mutual authentication is performed between the IC card and the authentication system terminal, so as to prove that the IC card is not an unauthorized card issued by counterfeiting or alteration, and the authentication system terminal is not an unauthorized terminal.
Seen from the side of the authentication system terminal, authenticating the validity of the IC card is known as internal authentication. Seen from the side of the IC card, authenticating the validity of the authentication system terminal is known as external authentication.
The authentication system terminal is then put into a password input waiting state. The user inputs the password to the authentication system terminal, and the input password is compared with a password stored beforehand in the IC card, so as to perform the identity authentication.
In the above procedures, however, the authentication system terminal that requires the password has not been proved valid to the user.
More specifically, in a case where an unauthorized terminal is modified so as to look as if rightfully authenticated, the user cannot determine that the terminal is an unauthorized terminal. Therefore, the user is always exposed to the danger of wrongful use or theft of the password through an impersonating authentication system terminal.
To solve the above problem, Patent Document 1 discloses a device that prevents password leakage. The device has a means that reads secret information available only to the subject user from an IC card, after authenticating the validity of an authentication system terminal. The device presents the secret information to the user, and then requests the user to input the password.

Patent Document 1: Japanese Patent Application Laid-Open No. 7-141480
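The following sketch models the card-side gating described for Patent Document 1: the card releases the holder's secret information only after external authentication succeeds, and the user enters the PIN only if that information is displayed. It is an added example, not code from either patent document; the HMAC-SHA-256 challenge-response with a shared key, the class and function names, and all sample values are assumptions, and internal authentication of the card is omitted.

```python
import hashlib
import hmac
import secrets


class Card:
    """Toy IC card (hypothetical model): gates secret data on terminal authentication."""

    def __init__(self, shared_key: bytes, user_secret: str, pin: str):
        self._key, self._user_secret, self._pin = shared_key, user_secret, pin
        self._challenge = None
        self._terminal_ok = False

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)  # fresh nonce per attempt
        self._terminal_ok = False
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        # External authentication: the card checks the terminal's proof of key possession.
        if self._challenge is None:
            return False
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._terminal_ok = hmac.compare_digest(expected, response)
        self._challenge = None  # a challenge is single-use
        return self._terminal_ok

    def read_user_secret(self):
        # The holder's secret information leaves the card only for an authenticated terminal.
        return self._user_secret if self._terminal_ok else None

    def verify_pin(self, pin: str) -> bool:
        return self._terminal_ok and hmac.compare_digest(pin.encode(), self._pin.encode())


def terminal_session(card: Card, terminal_key: bytes, expected_phrase: str, pin: str) -> str:
    """One session: the user types the PIN only if the terminal shows their phrase."""
    response = hmac.new(terminal_key, card.get_challenge(), hashlib.sha256).digest()
    card.external_authenticate(response)
    if card.read_user_secret() != expected_phrase:
        return "user withholds PIN"
    return "PIN accepted" if card.verify_pin(pin) else "PIN rejected"


KEY = b"constructed-demo-key"  # constructed sample values, not from the page
PHRASE, PIN = "blue heron at dawn", "4821"

def demo_card() -> Card:
    return Card(KEY, PHRASE, PIN)
```

A terminal that lacks the key fails external authentication, cannot obtain the phrase, and therefore never receives the PIN from a user who checks for it.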